What Should a Bring Your Own Device (BYOD) Policy Include, and Why?


BYOD is becoming a common practice amongst many businesses. A study indicated that, before the pandemic, about 70% of professionals globally would use their own devices for work at least once a week. This figure has gone up since then.

Although BYOD seems like a desirable policy, most businesses are shying away from it because of the security concerns it carries. Despite these concerns, some employees will still bring their devices to the work environment and may be less likely to follow the security policies. This creates a security risk for the company, since the devices are unmonitored.

All companies should take the necessary precautions when creating a BYOD policy. This will ensure all devices are accounted for and there is no unauthorised access.

Each employee should sign a BYOD policy that will outline the security protocols and procedures to be taken to ensure cyber security precautions are followed.

What is BYOD

Bring Your Own Device (BYOD) is a company policy that allows its employees to bring their own computing devices to their workplace and take them home with them when they leave. This allows employees to not rely on companies’ devices.

Such devices may include laptops, tablets and smartphones. The huge proliferation of smartphones has seen almost everyone acquiring a smart device. Almost all employees come to work with their own smartphones, which can connect to the internet and can also be used to perform work-related tasks.

Why have a BYOD policy

Employees will often carry their own personal devices like laptops for efficiency. This is because they are used to their own devices and more familiar with them. Having a BYOD policy can also minimise costs of running the business.

Although a BYOD policy may have many advantages, it has some disadvantages, the majority of them being security concerns. This is why your business needs to have a clear policy indicating when employees’ devices are allowed and under what conditions. They should sign this policy to show that they will comply with the set procedures.

The Covid-19 pandemic also accelerated the BYOD market. Many employees were able to access their work-related files and information from their own devices. Such activities can elevate security risks.

This is why companies should fully assess whether to have a BYOD policy in place. If they opt to have one, they should set clear conditions to ensure cybersecurity standards are met; otherwise, they should prohibit BYOD entirely and have other policies to enforce this.

What you should include, and why

There are several considerations you should make to protect your corporate data, sensitive data, personal data, and the company’s overall security.

There are different tips you can include to ensure network safety while your employees use their own devices.

1. A process for offboarding employees 

When employees use their devices for work-related activities, it is most likely that they will have access to company data or hold certain privileges and may even be accessing sensitive data.

With such privileged authority, you need to include a well-written procedure for employees when they leave the company. According to a recent report, only 35% of companies wipe employees’ devices or remove company data when they leave.

Not wiping off company data increases the risk of data breaches, cyberattacks, and personal data theft. Companies should have proper BYOD guidelines to address this issue.

2. It should use and contain network access control (NAC) software

When your company relies on BYOD policies, it is up to you to protect your company network and company data by ensuring your employees’ devices are securely updated.

Many cyber criminals have leveraged vulnerabilities in unpatched systems. Although your company’s systems may be properly patched, your employees may put you at risk since their devices are also connected to the same network.

You should ensure your staff’s devices have proper update settings in place for the antivirus software, operating systems, and other software you use. NAC can help your company keep every device updated, including BYOD devices. NAC ensures every device connected to a network is using the latest protection.

3. Endpoint protection

Your company must use endpoint protection such as antivirus or antimalware software on all devices to prevent data breaches and malware. Although the BYOD guidelines focus more on the employees and what they could do wrong, you must also consider having proper security programs and applications installed.

You should ensure a secure environment first, then outline security requirements that may be employee-related. These security programs will scan your network for vulnerabilities before providing user access.

4. Using 2-factor authentication for all mobile network access

If your company has decided to allow a BYOD policy, you should ensure all employee devices use two-factor authentication (2FA).

Hackers can try to steal passwords or data. 2FA requires two authentication steps to get access to a resource. Your employees will often access your internal network remotely, and 2FA also protects this remote access.

Before your employees access your internal network, they should have 2FA enabled. It requires a strong password as the first factor; the second factor can be obtained through different forms of authentication, such as an SMS code or an authenticator app.

5. Have an immediate process for reporting stolen or lost devices

A personal device may get lost or be stolen. If such devices can access data that is sensitive to the company or can allow access to the company’s network, it increases the risk of a cyberattack or a data breach.

You may not have a register of who has access to a device and what it can be used to do. This raises a significant risk to the company. Your BYOD guidelines should require employees to report to the IT department whenever a device is lost or stolen.

The IT department should proceed to terminate any access the device has to the internal network or to any app accessing the company’s data. Wiping should also be considered: any company data on the device should be remotely wiped.

Most personal mobile devices are lost outside business hours. Your company should consider having an IT contact person available 24/7 to support BYOD security.

Mobile device management (MDM) software is also worth considering, since it lets the organization monitor and manage mobile devices. IT teams can also distribute security policies remotely through this software, and it simplifies the management of stolen devices.

A BYOD approach could increase employee productivity. Although some business owners may not fully embrace this policy, they must look for ways to adapt to it, since BYOD is not a passing trend and it may be here to stay.

This means that you may have to embrace this trend but also take the necessary precautions for mobile security and device security. You should take the time to make a proper and working BYOD policy that won’t leave your business exposed.

You can also bring in cybersecurity professionals to provide advice on what key areas you need to secure first before adopting the policy, and what procedures to undertake to ensure continuous cyber security and employee productivity without interfering with employees’ privacy.
